Google issues patches for two serious Chrome zero-day vulnerabilities
Google's Project Zero is very quick to point out security flaws in other companies' products, but the search giant is far from being perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.
CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws respectively and affect both the desktop and Android versions of Google's web browser.
The CVE-2020-16009 vulnerability relates to the V8 JavaScript component on the desktop, while the CVE-2020-16010 flaw affecting Android is a heap-based buffer overflow vulnerability. In order to secure their browsers, Windows users need to update to at least version 86.0.4240.183 of Chrome, while Android users need to have at least version 86.0.4240.185 of the browser installed.
News of the flaw was shared on Twitter by Ben Hawkes.
To ensure that you have a safe version of Chrome installed, you will need to update. On the desktop, head to the About screen and a check will be performed. On Android, you will need to launch Google Play and check for updates.